projects / gcc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 29a7d77)
re PR fortran/55475 (heap-buffer-overflow in fortran/error.c)
authorTobias Burnus <burnus@net-b.de>
Mon, 3 Dec 2012 08:56:11 +0000 (09:56 +0100)
committerTobias Burnus <burnus@gcc.gnu.org>
Mon, 3 Dec 2012 08:56:11 +0000 (09:56 +0100)
2012-12-03  Tobias Burnus  <burnus@net-b.de>

        PR fortran/55475
        * scanner.c (gfc_next_char_literal): Fix setting locus
        to free_line_length for the error message.
        * error.c (show_locus): Fix potential out-of-bounds
        read.

From-SVN: r194076

gcc/fortran/ChangeLog patch | blob | history
gcc/fortran/error.c patch | blob | history
gcc/fortran/scanner.c patch | blob | history

diff --git a/gcc/fortran/ChangeLog b/gcc/fortran/ChangeLog
index 84b085a4d7ed7b790d33bc0680ff5fe450f0df6d..30f82fd5ef8d8ffeb6759cc1cfa5669b828c2a37 100644 (file)
--- a/gcc/fortran/ChangeLog
+++ b/gcc/fortran/ChangeLog
@@ -1,4 +1,12 @@
-2012-11-03  Tobias Burnus  <burnus@net-b.de>
+2012-12-03  Tobias Burnus  <burnus@net-b.de>
+
+       PR fortran/55475
+       * scanner.c (gfc_next_char_literal): Fix setting locus
+       to free_line_length for the error message.
+       * error.c (show_locus): Fix potential out-of-bounds
+       read.
+
+2012-12-03  Tobias Burnus  <burnus@net-b.de>
 
        PR fortran/37336
        * class.c (finalizer_insert_packed_call): New static function.
diff --git a/gcc/fortran/error.c b/gcc/fortran/error.c
index 4b061560c0e2c98ea8d15e9d1bdafc0b9a6f6cff..611540c261aae524997e117d0763f564ac95bace 100644 (file)
--- a/gcc/fortran/error.c
+++ b/gcc/fortran/error.c
@@ -387,7 +387,7 @@ show_locus (locus *loc, int c1, int c2)
   cmax -= offset;
 
   p = &(lb->line[offset]);
-  for (i = 0; i <= cmax; i++)
+  for (i = 0; i < cmax; i++)
     {
       int spaces, j;
       spaces = gfc_widechar_display_length (*p++);
@@ -401,6 +401,11 @@ show_locus (locus *loc, int c1, int c2)
        error_char (' ');
     }
 
+  if (i == c1)
+    error_char ('1');
+  else if (i == c2)
+    error_char ('2');
+
   error_char ('\n');
 
 }
diff --git a/gcc/fortran/scanner.c b/gcc/fortran/scanner.c
index e0556a9760a173d88a83bd72bb276b3375309c9b..765c0f97705163b3f971276ffc17d1ff62172783 100644 (file)
--- a/gcc/fortran/scanner.c
+++ b/gcc/fortran/scanner.c
@@ -1068,10 +1068,12 @@ restart:
          && gfc_current_locus.lb->truncated)
        {
          int maxlen = gfc_option.free_line_length;
+         gfc_char_t *current_nextc = gfc_current_locus.nextc;
+
          gfc_current_locus.lb->truncated = 0;
-         gfc_current_locus.nextc += maxlen;
+         gfc_current_locus.nextc =  gfc_current_locus.lb->line + maxlen;
          gfc_warning_now ("Line truncated at %L", &gfc_current_locus);
-         gfc_current_locus.nextc -= maxlen;
+         gfc_current_locus.nextc = current_nextc;
        }
 
       if (c != '&')